NVD Vulnerability Information Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
In descending order of publication date
In descending order of update date
Number of items displayed

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Since vulnerability information is often updated before JVN (Japan Vulnerability Note), vulnerabilities that are not listed in JVN may be updated.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW

Update Date:June 25, 2026, 4:04 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
342501 6.4 MEDIUM
genecys genecys Buffer overflow in the tell_player_surr_changes function in Genecys 0.2 and earlier might allow remote attackers to execute arbitrary code via long arguments. NVD-CWE-Other
CVE-2006-2554 2018-10-19 01:40 2006-05-24 Show GitHub Exploit DB Packet Storm
342502 5.0 MEDIUM
genecys genecys The parse_command function in Genecys 0.2 and earlier allows remote attackers to cause a denial of service (crash) via a command with a missing ":" (colon) separator, which triggers a null dereferenc… NVD-CWE-Other
CVE-2006-2555 2018-10-19 01:40 2006-05-24 Show GitHub Exploit DB Packet Storm
342503 5.8 MEDIUM
iplogger iplogger Cross-site scripting (XSS) vulnerability in IpLogger 1.7 and earlier allows remote attackers to inject arbitrary HTML or web script via the User-Agent (useragent) header in an HTTP request, which is … NVD-CWE-Other
CVE-2006-2558 2018-10-19 01:40 2006-05-24 Show GitHub Exploit DB Packet Storm
342504 4.3 MEDIUM
alstrasoft e-friends Multiple cross-site scripting (XSS) vulnerabilities in index.php in AlstraSoft E-Friends allow remote attackers to inject arbitrary web script or HTML by (1) posting a blog, (2) posting a listing, (3… NVD-CWE-Other
CVE-2006-2564 2018-10-19 01:40 2006-05-25 Show GitHub Exploit DB Packet Storm
342505 7.5 HIGH
alstrasoft article_manager_pro SQL injection vulnerability in Alstrasoft Article Manager Pro 1.6 allows remote attackers to execute arbitrary SQL commands via (1) the author_id parameter in profile.php and (2) the aut_id parameter… NVD-CWE-Other
CVE-2006-2565 2018-10-19 01:40 2006-05-25 Show GitHub Exploit DB Packet Storm
342506 5.0 MEDIUM
alstrasoft article_manager_pro Alstrasoft Article Manager Pro 1.6 allows remote attackers to obtain sensitive information via (1) a quote character or possibly an invalid value in the action parameter in a request to mrarticles.ph… NVD-CWE-Other
CVE-2006-2566 2018-10-19 01:40 2006-05-25 Show GitHub Exploit DB Packet Storm
342507 4.3 MEDIUM
alstrasoft article_manager_pro Cross-site scripting (XSS) vulnerability in submit_article.php in Alstrasoft Article Manager Pro 1.6 allows remote attackers to inject arbitrary web script or HTML when submitting an article, as demo… NVD-CWE-Other
CVE-2006-2567 2018-10-19 01:40 2006-05-25 Show GitHub Exploit DB Packet Storm
342508 2.6 LOW
alkacon opencms Cross-site scripting (XSS) vulnerability in search.html in Alkacon OpenCms 6.0.0, 6.0.2, and 6.0.3 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search a… NVD-CWE-Other
CVE-2006-2571 2018-10-19 01:40 2006-05-25 Show GitHub Exploit DB Packet Storm
342509 7.2 HIGH
hp hp-ux Multiple unspecified vulnerabilities in Software Distributor in HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allow local users to gain privileges via unspecified attack vectors. NVD-CWE-Other
CVE-2006-2574 2018-10-19 01:40 2006-05-25 Show GitHub Exploit DB Packet Storm
342510 5.0 MEDIUM
pyrosoft_inc netpanzer The setFrame function in Lib/2D/Surface.hpp for NetPanzer 0.8 and earlier allows remote attackers to cause a denial of service (crash) via a client flag (frameNum) that is greater than 41, which trig… NVD-CWE-Other
CVE-2006-2575 2018-10-19 01:40 2006-05-25 Show GitHub Exploit DB Packet Storm
342511 7.5 HIGH
hp openview_storage_data_protector Unspecified vulnerability in HP OpenView Storage Data Protector 5.1 and 5.5 allows remote attackers to execute arbitrary code via unknown vectors. NVD-CWE-Other
CVE-2006-2579 2018-10-19 01:40 2006-05-25 Show GitHub Exploit DB Packet Storm
342512 7.5 HIGH
hp openview_network_node_manager Multiple unspecified vulnerabilities in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, and 7.50 allow remote attackers to gain privileged access, execute arbitrary commands, or create ar… NVD-CWE-Other
CVE-2006-2580 2018-10-19 01:40 2006-05-25 Show GitHub Exploit DB Packet Storm
342513 5.1 MEDIUM
nucleus_group nucleus_cms PHP remote file inclusion vulnerability in nucleus/libs/PLUGINADMIN.php in Nucleus 3.22 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[DIR_LIBS] parameter. NVD-CWE-Other
CVE-2006-2583 2018-10-19 01:40 2006-05-25 Show GitHub Exploit DB Packet Storm
342514 4.3 MEDIUM
skyebox skyebox Multiple cross-site scripting (XSS) vulnerabilities in post.php in SkyeBox 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) message parameters. NOTE: the p… NVD-CWE-Other
CVE-2006-2584 2018-10-19 01:40 2006-05-25 Show GitHub Exploit DB Packet Storm
342515 5.0 MEDIUM
even_balance punkbuster Buffer overflow in the WebTool HTTP server component in (1) PunkBuster before 1.229, as used by multiple products including (2) America's Army 1.228 and earlier, (3) Battlefield 1942 1.158 and earlie… NVD-CWE-Other
CVE-2006-2587 2018-10-19 01:40 2006-05-25 Show GitHub Exploit DB Packet Storm
342516 5.0 MEDIUM
russcom_network phpimages Russcom PHPImages allows remote attackers to upload files of arbitrary types by uploading a file with a .gif extension. NOTE: due to lack of specific information about attack vectors do not depend o… NVD-CWE-Other
CVE-2006-2588 2018-10-19 01:40 2006-05-25 Show GitHub Exploit DB Packet Storm
342517 6.4 MEDIUM
mybulletinboard mybulletinboard SQL injection vulnerability in rss.php in MyBB (aka MyBulletinBoard) 1.1.1 allows remote attackers to execute arbitrary SQL commands via the comma parameter. NOTE: it is not clear from the original … NVD-CWE-Other
CVE-2006-2589 2018-10-19 01:40 2006-05-25 Show GitHub Exploit DB Packet Storm
342518 4.3 MEDIUM
dschat dschat Cross-site scripting (XSS) vulnerability in DSChat 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the chatbox, probably involving the ctext parameter to send.php. NVD-CWE-Other
CVE-2006-2605 2018-10-19 01:40 2006-05-25 Show GitHub Exploit DB Packet Storm
342519 4.3 MEDIUM
chatty chatty Cross-site scripting (XSS) vulnerability in Chatty, possibly 1.0.2 and other versions, allows remote attackers to inject arbitrary web script or HTML via the username. NVD-CWE-Other
CVE-2006-2606 2018-10-19 01:40 2006-05-25 Show GitHub Exploit DB Packet Storm
342520 7.2 HIGH
paul_vixie vixie_cron do_command.c in Vixie cron (vixie-cron) 4.1 does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or res… NVD-CWE-Other
CVE-2006-2607 2018-10-19 01:40 2006-05-26 Show GitHub Exploit DB Packet Storm
342521 5.1 MEDIUM
artmedic_webdesign artmedic_newsletter artmedic newsletter 4.1 and possibly other versions, when register_globals is enabled, allows remote attackers to modify arbitrary files and execute arbitrary PHP code via the logfile parameter in a … NVD-CWE-Other
CVE-2006-2608 2018-10-19 01:40 2006-05-26 Show GitHub Exploit DB Packet Storm
342522 2.6 LOW
spiffyjr phpraid Cross-site scripting (XSS) vulnerability in view.php in phpRaid 2.9.5 allows remote attackers to inject arbitrary web script or HTML via the (1) URL query string and the (2) Sort parameter. NVD-CWE-Other
CVE-2006-2610 2018-10-19 01:40 2006-05-26 Show GitHub Exploit DB Packet Storm
342523 2.1 LOW
novell client Novell Client for Windows 4.8 and 4.9 does not restrict access to the clipboard contents while a machine is locked, which allows users with physical access to read the current clipboard contents by p… NVD-CWE-Other
CVE-2006-2612 2018-10-19 01:40 2006-05-26 Show GitHub Exploit DB Packet Storm
342524 4.3 MEDIUM
mozilla
netscape 		firefox
mozilla_suite
navigator 		Mozilla Suite 1.7.13, Mozilla Firefox 1.5.0.3 and possibly other versions before before 1.8.0, and Netscape 7.2 and 8.1, and possibly other versions and products, allows remote user-assisted attacker… CWE-200
Information Exposure 		CVE-2006-2613 2018-10-19 01:40 2006-05-26 Show GitHub Exploit DB Packet Storm
342525 7.5 HIGH
russcom_network russcom.ping ping.php in Russcom.Ping allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter. NVD-CWE-Other
CVE-2006-2615 2018-10-19 01:40 2006-05-26 Show GitHub Exploit DB Packet Storm
342526 7.5 HIGH
alstrasoft webhost_directory SQL injection vulnerability in the search script in (1) AlstraSoft Web Host Directory 1.2, aka (2) HyperStop WebHost Directory 1.2, allows remote attackers to execute arbitrary SQL commands via the u… NVD-CWE-Other
CVE-2006-2616 2018-10-19 01:40 2006-05-26 Show GitHub Exploit DB Packet Storm
342527 5.0 MEDIUM
alstrasoft webhost_directory (1) AlstraSoft Web Host Directory 1.2, aka (2) HyperStop WebHost Directory 1.2, allows remote attackers to obtain the installation path via an invalid entry in the Username field on the login page, w… NVD-CWE-Other
CVE-2006-2617 2018-10-19 01:40 2006-05-26 Show GitHub Exploit DB Packet Storm
342528 4.3 MEDIUM
alstrasoft webhost_directory Cross-site scripting (XSS) vulnerability in (1) AlstraSoft Web Host Directory 1.2, aka (2) HyperStop WebHost Directory 1.2, might allow remote attackers to inject arbitrary web script or HTML via the… CWE-79
Cross-site Scripting 		CVE-2006-2618 2018-10-19 01:40 2006-05-26 Show GitHub Exploit DB Packet Storm
342529 10.0 HIGH
symantec client_security
norton_antivirus 		Stack-based buffer overflow in Symantec Antivirus 10.1 and Client Security 3.1 allows remote attackers to execute arbitrary code via unknown attack vectors. NVD-CWE-Other
CVE-2006-2630 2018-10-19 01:40 2006-05-28 Show GitHub Exploit DB Packet Storm
342530 5.1 MEDIUM
dokeos open_source_learning_and_knowledge_management_tool PHP remote file inclusion vulnerability in authldap.php in Dokeos 1.6.4 allows remote attackers to execute arbitrary PHP code via a URL in the includePath parameter. NVD-CWE-Other
CVE-2006-2285 2018-10-19 01:39 2006-05-10 Show GitHub Exploit DB Packet Storm
342531 5.8 MEDIUM
vision_source vision_source_cms Multiple cross-site scripting (XSS) vulnerabilities in Vision Source 0.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the fields in a user's profile. NVD-CWE-Other
CVE-2006-2287 2018-10-19 01:39 2006-05-10 Show GitHub Exploit DB Packet Storm
342532 4.0 MEDIUM
microsoft infotech_storage_system_library Heap-based buffer overflow in Microsoft Infotech Storage System Library (itss.dll) allows user-assisted attackers to execute arbitrary code via a crafted CHM / ITS file that triggers the overflow whi… CWE-119
Incorrect Access of Indexable Resource ('Range Error')  		CVE-2006-2297 2018-10-19 01:39 2006-05-10 Show GitHub Exploit DB Packet Storm
342533 6.4 MEDIUM
mirabilis icq Cross-Application Scripting (XAS) vulnerability in ICQ Client 5.04 build 2321 and earlier allows remote attackers to inject arbitrary web script from one application into another via a banner, which … NVD-CWE-Other
CVE-2006-2303 2018-10-19 01:39 2006-05-11 Show GitHub Exploit DB Packet Storm
342534 10.0 HIGH
novell client Multiple integer overflows in the DPRPC library (DPRPCW32.DLL) in Novell Client 4.83 SP3, 4.90 SP2 and 4.91 SP2 allow remote attackers to execute arbitrary code via an XDR encoded array with a field … NVD-CWE-Other
CVE-2006-2304 2018-10-19 01:39 2006-05-11 Show GitHub Exploit DB Packet Storm
342535 4.3 MEDIUM
website_baker website_baker Cross-site scripting (XSS) vulnerability in Website Baker CMS before 2.6.4 allows remote attackers to inject arbitrary web script or HTML via a user display name. NVD-CWE-Other
CVE-2006-2307 2018-10-19 01:39 2006-05-11 Show GitHub Exploit DB Packet Storm
342536 5.5 MEDIUM
etype eserv Directory traversal vulnerability in the IMAP service in EServ/3 3.25 allows remote authenticated users to read other user's email messages, create/rename arbitrary directories on the system, and del… NVD-CWE-Other
CVE-2006-2308 2018-10-19 01:39 2006-06-2 Show GitHub Exploit DB Packet Storm
342537 4.0 MEDIUM
etype eserv The HTTP service in EServ/3 3.25 allows remote attackers to obtain sensitive information via crafted HTTP requests containing dot, space, and slash characters, which reveals the source code of script… NVD-CWE-Other
CVE-2006-2309 2018-10-19 01:39 2006-06-2 Show GitHub Exploit DB Packet Storm
342538 7.5 HIGH
postgresql postgresql PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in appl… NVD-CWE-Other
CVE-2006-2313 2018-10-19 01:39 2006-05-24 Show GitHub Exploit DB Packet Storm
342539 7.5 HIGH
postgresql postgresql PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in appl… NVD-CWE-Other
CVE-2006-2314 2018-10-19 01:39 2006-05-24 Show GitHub Exploit DB Packet Storm
342540 4.9 MEDIUM
intel proset_wireless S24EvMon.exe in the Intel PROset/Wireless software, possibly 10.1.0.33, uses a S24EventManagerSharedMemory shared memory section with weak permissions, which allows local users to read or modify pass… NVD-CWE-Other
CVE-2006-2316 2018-10-19 01:39 2006-05-12 Show GitHub Exploit DB Packet Storm
342541 5.0 MEDIUM
ideal_science idealbb Unspecified vulnerability in Ideal Science Ideal BB 1.5.4a and earlier allows remote attackers to read arbitrary files under the web root via unspecified attack vectors related to the OpenTextFile me… NVD-CWE-Other
CVE-2006-2317 2018-10-19 01:39 2006-05-12 Show GitHub Exploit DB Packet Storm
342542 7.5 HIGH
ideal_science idealbb Incomplete blacklist vulnerability in Ideal Science Ideal BB 1.5.4a and earlier allows remote attackers to upload and execute an ASP script via a ".asa" file, which bypasses the check for the ".asp" … NVD-CWE-Other
CVE-2006-2318 2018-10-19 01:39 2006-05-12 Show GitHub Exploit DB Packet Storm
342543 7.5 HIGH
ideal_science idealbb This vulnerability is addressed in the following product release: Ideal Science, Ideal BB, 1.5.4b NVD-CWE-Other
CVE-2006-2318 2018-10-19 01:39 2006-05-12 Show GitHub Exploit DB Packet Storm
342544 5.0 MEDIUM
ideal_science idealbb Ideal Science Ideal BB 1.5.4a and earlier does not properly check file extensions before permitting an upload, which allows remote attackers to upload and execute an ASP script via a 0x00 character b… NVD-CWE-Other
CVE-2006-2319 2018-10-19 01:39 2006-05-12 Show GitHub Exploit DB Packet Storm
342545 7.5 HIGH
ideal_science idealbb Multiple SQL injection vulnerabilities in Ideal Science Ideal BB 1.5.4a and earlier allow remote attackers to execute arbitrary SQL commands via multiple unspecified vectors related to stored procedu… NVD-CWE-Other
CVE-2006-2320 2018-10-19 01:39 2006-05-12 Show GitHub Exploit DB Packet Storm
342546 4.3 MEDIUM
ideal_science idealbb Multiple cross-site scripting (XSS) vulnerabilities in Ideal Science Ideal BB 1.5.4a and earlier allow remote attackers to inject arbitrary web script or HTML via unknown vectors. NOTE: due to lack … NVD-CWE-Other
CVE-2006-2321 2018-10-19 01:39 2006-05-12 Show GitHub Exploit DB Packet Storm
342547 5.1 MEDIUM
smartisoft phplistpro Multiple PHP remote file inclusion vulnerabilities in SmartISoft phpListPro 2.01 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the returnpath parameter in (1) editsite… NVD-CWE-Other
CVE-2006-2323 2018-10-19 01:39 2006-05-12 Show GitHub Exploit DB Packet Storm
342548 5.1 MEDIUM
smartisoft phplistpro Successful exploitation requires that "register_globals" is enabled. NVD-CWE-Other
CVE-2006-2323 2018-10-19 01:39 2006-05-12 Show GitHub Exploit DB Packet Storm
342549 10.0 HIGH
180solutions zango 180solutions Zango downloads "required Adware components" without checking integrity or authenticity, which might allow context-dependent attackers to execute arbitrary code by subverting the DNS res… NVD-CWE-Other
CVE-2006-2324 2018-10-19 01:39 2006-05-12 Show GitHub Exploit DB Packet Storm
342550 10.0 HIGH
180solutions zango The only known mitigation for this vulnerability is to block access to static.zangocash.com or zangocash.com althogether at the firewall. NVD-CWE-Other
CVE-2006-2324 2018-10-19 01:39 2006-05-12 Show GitHub Exploit DB Packet Storm